Securing business operations in an SOA

In order to achieve agility and shorter concept-to-market timescales for new products and services, ICT service providers and their corporate customers alike increasingly adopt a collection of technologies, concepts and capabilities which come under the banner of the Service Oriented Architecture (SOA). The Service Oriented Infrastructure (SOI) approach complements SOA by enabling the optimal use of virtualised infrastructure services and resources via the network, and their integration in tailored solutions that meet customer needs and adapt to their growth pattern. In this paper we focus on the business and technological challenges relating to security and service dependability for SOI. In particular the paper studies challenges in the security areas of (i) identity federation, (ii) distributed usage and access management, (iii) context-aware secure messaging, routing and transformation and (iv) SOA security governance. It gathers requirements and it proposes an architecture comprising design patterns and a governance framework that address these challenges. An example case-study presents an implementation of the proposed architecture's SOI security capabilities aiming at the practical validation of the proposed architectural concepts. Copyright (c) 2010 John Wiley & Sons, Ltd.